Skip to main content

Android security

See All Stories

Android O privacy measures will use random addresses when Wi-Fi scanning, limit device identifiers, more

Site default logo image

While the added privacy measures are not as noticeable as notification snoozing, Picture-in-Picture, and other new customizations, there are a number of them in Android O. With this release, Google is specifically aiming to limit device identifiers and other information that apps can request.


Expand
Expanding
Close

Google paid researchers $550,000 last year for Android vulnerabilities, increases rewards

A year ago, Android was added to the Google Vulnerability Rewards Program that pays researchers for submitting security bugs that affect various products and services. Google has since paid over $550,000 in rewards and is raising the amount going forward.


Expand
Expanding
Close

Android N introduces new security measures to prevent future Stagefright vulnerabilities

Last year’s particularly virulent Stragefright bug allowed attackers to perform a number of actions on an infected device through remote code execution. While Google has addressed those issues with monthly security patches, Android N will play a larger role in making sure a similar issue does not happen again.


Expand
Expanding
Close

Google posts reminders of the four ways to keep your Android device safe

A Google blog post reminds users of the four steps they can take to protect the security of their Android devices.

Online security is a critical piece of our everyday life. That’s why we build multiple lines of defense in Android to make the internet safer for over a billions users. Even with these layers of protection, it still doesn’t hurt to take a couple of extra precautions to be super safe.

The four steps are all ones we’d expect to be familiar to 9to5Google readers, but they could serve as useful pointers for less tech-savvy friends and family members …


Expand
Expanding
Close

January security update for Nexus devices rolling out now, download factory images here

Google has been following through with its promise of providing monthly security patches for Nexus devices. Last month’s was bundled with Android 6.0.1 and the January security updates are arriving today. The updates are based on Android 6.0.1, so don’t expect any new user facing features or even other tweaks.


Expand
Expanding
Close

Google reveals details of first monthly Nexus security update in new Google Group

Site default logo image

Google’s Android security lead Adrian Ludwig has posted a detailed description of the security update recently issued by Google for Nexus devices. The update was designed to address the Stagefright vulnerability which has been described as the  “worst Android vulnerability in the mobile OS history.”

On August 5, 2015, we released an over-the-air (OTA) update for Nexus 4/5/6/7/9/10 and Nexus Player devices that includes several security fixes. The patches for these fixes have also been released to the Android Open Source Project (AOSP) source repository.  These issues are categorized and provided in decreasing order of severity.  We have also provided an assessment of each issue, given the information we have at the time of the publication of this bulletin … 


Expand
Expanding
Close

Site default logo image

Google patches Android to block application signature vulnerability

Google has issued a patch to handset manufacturers to block a security hole that could, in theory, allow almost any Android application to be turned into malware, reports ZDNet.

It doesn’t get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEM)s.

Handset and tablet owners will have to rely on the manufacturer to push the patch to their device, but the vulnerability isn’t as scary as it sounds. While it would in principle allow an attacker to change almost any application to malware without Android detecting the change, Google reports that there is no evidence of the exploit having actually been used.

“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play,” said Gina Scigliano, Google’s Android Communications Manager.

Via Techmeme

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications